Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Firefox, Thunderbird, SeaMonkey Get a Security Overhaul



 By: Lisa Vaas
2007-06-01
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Mozilla releases updates for flaws that could result in system hijacking in its open-source browser, e-mail client and Internet applications suite.

The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird e-mail client and SeaMonkey Internet applications suite.

The bugs, deemed critical, are detailed in Mozillas Security Advisory 2007-12. They include multiple vulnerabilities in Mozillas Layout Engine and in its JavaScript engine that can result in memory corruption and lead to system takeover or DoS (denial of service). The function of a layout engine is to handle content such as HTML, XML, image files and applets as well as formatting information including CSS (Cascading Style Sheets) and presentational HTML tags. The layout engine displays the formatted content on-screen, filling in the browsers content area.

Resource Library:
Firefox users who dont install the ANI patch are in danger of files being overwritten in an attack, given that the browser lacks a low-privilege mode.Click here to read more.

According to Mozillas advisory, the impacts of the vulnerabilities vary. "Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory says.

Mozilla fixed the Layout Engine bugs in these updates: Firefox Versions 2.0.0.4 and 1.5.0.12; Thunderbird Versions 2.0.0.4 and 1.5.0.12; and SeaMonkey Versions 1.0.9 and 1.1.2. The downloads are available at the advisory site.

Mozilla points out that Thunderbird shares Firefoxs browser engine, which could make it vulnerable if JavaScript is enabled in mail. The Foundation says that this isnt the default setting and strongly urges users not to run JavaScript in mail. "Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images," Mozilla says.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Firefox, Thunderbird, SeaMonkey Get a Security Overhaul
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}v6EW-ȶĶ<==: I)CRdv^}}ƭ.KNlKX@ B;;~$rɅklJv9;D;;}!ԇP|oQP/2t}R  tӌ5v:! M>>;|9|@vD%j'aCk~cFcW2ű5m2 f E1;' VI G6 #%=֥ȏ{ k[!tUN(T| 0tTǖþ=ay5EhDԤ#|xB'gxd #BE=x?:Q/M+l m׸ڮUX'[vR䅰Q(0F.Č/t#wJ;vy'M|'f]ÑcWPpmׇVsTq3#}jݷt{#ԷF@:S1)æ'I/#!TBRp`FG?j%yiOl+;)|y[YV5]q;ݙcoE-2'l"R ?q7`BaCJ&5\_-׉"ˁ,ftg0eʆ}{ʾVWR\W}`[©;ho~wTUMSe@B mݹWжF^׵Cq9}r>? 7;A:W@o&1W`ZLTQRpf Rc@GǏY^:G5=(ǭ~7-hZIAvina[E4b™EU}dN"?[ڗu&u}Y6f0ZiCA+Wt?#;ˠrqszr|qӹJa͢4-I` ߖI@[)@ K:YK7BS_?g]p a4F@Lt&h)5?&Țb.L2<|)=>-`i˫ TE嗋mESu= (J!bN3E !\J!=! g|8Jn΋|? [Z&Ǩfmќ-Ӆ]WcL^cL .Cuv}BzW^?]{6LqJjh.B2iKB0qkꛛZk_@r /*r[h 2ud8԰1nґ>âx? tSOC|>56㤞F!|Бdmxq=Z.3+ԍEXn`Ntha^i1[ <ۋJ!pIxZSx&ztmP`~5$ǎ@ Ls'08 ɝ5E0%ݻCi`y1&=զA{ Tgg ,zC k 6G~[>l03QP sZ.( 7c2)%%E2G 4.gH)AH =[h ]99z |?#!bRN[ '9Rt{B#RyMfJ9cb -d[b}IlΌ eV&vϏa,[Lbo7], Slo3-Muc{\V5mZO4MhFa1A.μG36I `0ED$%\Ew,Ofzn8 DŽs w!4ӇiЈ4XĽǦYguϳ-jGrǸ%q9an5ʉ=MO5XScX`D~wzb0qm/n)NaV|\t\g˪zKfYZ^ӛA'~/ \[KҞY%9&ۂx A-ҘZZE"JP> <CɧqHLċl-~6pZ#nP jrIj#SVhVK^Me+ L 4 p*w`bB0 OaNcy6|Az{fl.>q /*l|2ː 7q'JkX"lM M=t%<42.|O\V,'0#Všk?N=Kwaﴽ.J-.jFd>n 'L[QHz{=cTfha8lX*uouj)ՃI ,䧒ZQJ1M1D ȸla,riL*wڶ{O>QȺHPOK ˙@'@*"ZC/'ѠVĒ8riPzP* cWE˿\vg;fc p+z\sgI 7ѾhʰeZh`Zu6$KD(Ogx&\3QtP7&8ЙmE4dD ڸ/)cpGl^ \~<ׇBK SK@'^a`EBkǖYCǖbT۔І[TR=OqP%УGii}~هF9#(!߬0HHǤ|m*,n1}a%[ŜQx` fzlhdt߫]=+coZ''ˏ5a=;oF)^9 us)d}=^zsٖҽNWs9A nTH,F_!yۭFS̠o2XH|0<㥑a+"@TK}͙B9ki.Dz=t_5g0YT p% ΒGa Bf-3ۿ|CCZNy,(@RPOh%[#N:֗vVgp=" BtX 1teES)Q\(hI{LG"G(^(ί([ҷoDW蘧YGD_q-sz<~\2Z9ntL{Nbp jwz`ySrg!,/De/p]Zim} zs@&iR'D[3pu*lKhw)~ڰO{h&})'AuhaXKwnio6`4 ݣvR:}i?v;}pܶdM#}ݾJf9k^d̠t4s {!.`0.E<@7?~eҰ+w= =z»s.+R!ykE7_SU+sTOڼ&E%:m֗Fݽ]޿wBĬxBwvc"Qb SގۊL>Nkb+b8 9b;kr-,Wx>TJtIt+kU%!*̩QLy2zI$ɜf/iE6F.O&" YD(OۜN>e>e,[ϓ )&!h 6(ɁL\qBTYpn(ӈ֔xJjp~t_tx9Mz!Yfd 'PBbkR'AmD|i5^M6v2@ R|V3RTLk.USdwՐu92 w˶uʞ?%HRTE:sm* C]A )I0meFSr+a) +.m,x&)U}|]h/%XIi#Ȩ_-}z8"reӕZl)ybHCAbF9fw &Ũ+-x MҦVz)^c2J0H]:R/"^cExXUNm/6POB N@"oIymU"U*rQ5=4&4@JZ oIy)Wں&P56psEzC 0t mhGoesÊ[qI|I[di\;we>>Wq|#s~s~s~s~}k^-~M{aWy۟;:$s׽e^SJmfbT:weRHWǤi TEhs5{ o3v6ʶͱQC;۝q+2BP!^jN%zn" {[!EH7΅ f~b Hz"wRMM@ B / V pMjB=a}6s7Ytv?}4:Q?"scMe_1ԝ+14e\C:kpǭ[`^m0#K^-k*Ԟ-af]UVndt2 X%i5BYQKvɵɅ5;ye`=Xmy9YyKjۏ Rt IߚRF ,W飏ji+TJ M?;-hA_|K @xl9 c=ZF]j(7KgJR4H vp{7xo/5!oI{m>9bّәED0ډJ J3RmFΝz_ayZܾ\`{&Yqc[QZJYb;7s":;KfHtGw,}@8(Qq7~m>F0'7Zi_S=@%KO.&ڰ+71Ք6ZvN[y5&p<|WR=U'=hpq=l@1"6 ?Ji:NU~NP FpKu3'&΀E௹oX{+$̽Og-˘x|U?fC7,>1 >B$!i:oF˞0Iݹa?Ð3{OZ"_Z1ш@Q->ɹ uǤ')45aBx$ld WcJeSII!5Q"xlkXa،w;WLQj*!b3wȧX, }!_$ FKs8E!f*@`g*o c!z)%n67p>9o0!,a4`ynF"O-x} 5t ar VpRt=:rtԨ)ʞ*|{C` g cwR[7ei\D^^?&).yci 8^yN4_Z8 oX22 =<RXX_1[5=L꺂OJBveX zvkwywfU#{8~\OSz% %uW0`A i2bg4t\K4{$$ ͈ɵ?ѝ#Mh]]!k"6}:_w%9jwooW[u{{sپ\YZ(1 ky/m2/*f(H^.NQʩ`Sg̵,<^;KwE Gcq~^cw |$;5U6rWzuL&鏉Bup:/kj:ٙ%rۯ&mzVx9n0CP܄qP b>^ Ȥou[9@/9B9P~)By79hp)?@|OPiuY<.r_'\C;9Wh)_V05/r_^sC " ϋO/?C3(?)-/ra|/s2G~.a.sƯ _9 *?srק 9}}Ρ   M:Iʙ#g+\8=JW ͣ~TA__y+%iN>質9+f7_ʡsTh=*Я#Uߗdnldڹ:R+ ]q%el]i8&ֲ۸/6h}/1^ZF9/d_ţu.Tl ҙ/ix@\Ş_ >Zo.TùLHd v"ёwRF _8 bsފjd!׶+2}jSo:h}v;W%eo,"m,?hPv_'^{ #E3dƨz< Rȹ 傾]#rF33/1#qyY ЙW8T"? zJ%J9*نW0UZVA{b>DBqb<#U:.~=IT~7)HxrHIhC>~EE3`A0^|eD$uЧ FϨnC>Ze.,s(ŬBSd<)O?'[nA5y`1v`eh> n=ձ]w O`7@#>&rd{Ko^CkSsL%:Ɛ/9-S)0p,\ftO#m<` G&Ζ$߀)0uoA}^nT <+1 <&`cܢ_\nP\jӟH.\Tvbbq Y9gf;I 2 G8&U];x9kK@0mѥhOɬq7V0Y cϓp% `:#Vږ+p\͔  ]'[ڧ3й?-Re[͌(_X (K# LwENpshنGkXǸ[ [* Iy>p <Щ0Tu.vrmnJQXƪa#¶u4mщo߉n^3Qa[O_g~C{%9w:~0>~09&rX)>ٔ6s޷`=`Z]x O!0YdWP Y-f1%Dv$8ґCA؞B*>e31C7Dn0BrH d[H_مuv3\j/YH~1 <99.@OI"cXM1}a`|3!2T!6xvY`Iq{C[7nyQO'RTFYzhI:vJ]NN:񲞝P7 r̳ś|G`bhPlyPVKG36HZ\֓}\/mtǍo=F駰a9TU>\J\SK4%WY/VgЧTN&N⇅ wm&l2)v}mb-c6C-;Te(